1720, NAT and Access-List

charlson
Level 1

We have a 1720 with a WAN interface to the internet. We have NAT statements to map an external IP to an internal IP for access to services: email, www, etc.

I want to set up an access-list to only open ports for the services needed. The way it is currently set up, there is a one-to-one NAT with all ports being mapped.

I entered an access-list statement like this: access-list 102 permit tcp any host EXTERNALIP eq smtp. When I do a port scan, it still shows all the open ports. Am I doing something wrong? There is another WAN interface that connects to a remote site.

1 Reply

liviu.gheorghe
Spotlight

You can configure the translation from the inside IP address to the outside one only for the ports you need, for example:

ip nat inside source static tcp 192.168.1.1 25 153.154.155.156 25

for the mail server.

This way the only ports visible from the internet are the ones you configure.

Regards, LG
*** Please Rate All Helpful Responses ***
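A fuller version of the reply's approach, added here as an example and not taken from the thread or from Cisco documentation: it replaces the one-to-one static NAT with per-port static translations for the services in the question (SMTP, HTTP, HTTPS) and layers the original poster's ACL 102 on top, applied inbound on the outside interface. Interface names, addresses (192.168.1.1 and 192.168.1.2 inside, 153.154.155.156 outside, borrowed from the reply) and the service list are all assumed placeholders for illustration.

```cisco
! Added example configuration (not from the original thread). All
! addresses and interface names are assumed placeholders.
!
! 1. Tell NAT which side each interface is on. The second WAN link to
!    the remote site is left untouched here.
interface Ethernet0
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0
 ip address 153.154.155.156 255.255.255.248
 ip nat outside
!
! 2. Remove the one-to-one mapping, which forwards every port to the
!    inside host, and translate only the service ports instead. With no
!    translation for a port, the router has nowhere to send the packet,
!    so a scan of the public address sees only these ports.
no ip nat inside source static 192.168.1.1 153.154.155.156
ip nat inside source static tcp 192.168.1.1 25 153.154.155.156 25
ip nat inside source static tcp 192.168.1.2 80 153.154.155.156 80
ip nat inside source static tcp 192.168.1.2 443 153.154.155.156 443
!
! 3. Defence in depth: the poster's ACL 102, extended to the other
!    services. Inbound on the outside interface IOS evaluates the ACL
!    before the outside-to-inside NAT step, so the ACL must match the
!    public (global) address, as the poster wrote it. An ACL does
!    nothing until it is bound to an interface (step 4), which is the
!    most common reason a scan still shows everything open.
access-list 102 permit tcp any host 153.154.155.156 eq smtp
access-list 102 permit tcp any host 153.154.155.156 eq www
access-list 102 permit tcp any host 153.154.155.156 eq 443
! Allow return packets of TCP sessions that inside hosts opened
! outbound; without this line the deny below breaks their browsing.
access-list 102 permit tcp any any established
access-list 102 deny   ip any any log
!
! 4. Bind the ACL to the internet-facing interface, inbound.
interface FastEthernet0
 ip access-group 102 in
```

After applying it, show ip nat translations should list only the three static TCP entries, and show access-lists shows per-line hit counts, which is a quick way to confirm a repeat scan is being dropped by the deny line rather than answered. The established keyword only covers TCP; UDP replies for inside hosts (DNS, NTP) still need their own permit lines, or a stateful mechanism such as CBAC or reflexive ACLs if the IOS image on the 1720 supports them.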